The latest research by Spectrum shows that Python is ranked the number one programming language this year.
Python's core is secure, but third-party modules and the way you have developed an application may not be, and that's why you need a security scanner to find vulnerabilities, if any.
Let's take a look at the following scanners to find security risks in a Python application.
PYT (Python Taint)
An open-source static analysis tool that detects command injection, cross-site scripting, SQL injection and directory traversal attacks in Python web applications.
Tinfoil
Get a FREE security scan of your Python & Django website to find weaknesses in web servers and applications.
Tinfoil provides detailed information about vulnerabilities and possible ways to fix them. It focuses on the OWASP Top 10, including XSS, SQL injection and HTTP response splitting.
Bandit
Bandit is an OpenStack initiative to find common security risks in Python code. It processes each file to build an AST and generates a report.
You can get it installed using pip.
Bandit's behaviour can be customized. For example, by default every test profile is run, but if you only want to check for ShellInjection you can run the following.
bandit samples/*.py -p ShellInjection
You may also instruct it to report only findings at or above a given severity level (Low, Medium or High).
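To make the ShellInjection profile concrete, here is an added example (not code from the article or from the Bandit project): the call shape Bandit's shell-injection checks are meant to flag, placed beside a version that never hands user input to a shell. The function names are hypothetical, and the directory listing is only a stand-in for whatever command an application runs.

```python
# Added example, not from the article or the Bandit project: the code shape
# Bandit's ShellInjection profile flags, beside a form that never uses a shell.
# Function names are hypothetical.
import os
import subprocess
import tempfile


def build_shell_command(user_path: str) -> str:
    # What the flagged pattern does before calling subprocess with shell=True:
    # user input is pasted into a command string, so metacharacters such as
    # ';' or '$(...)' are interpreted by /bin/sh instead of being a path.
    return "ls -1 " + user_path


def list_directory_flagged(user_path: str) -> str:
    # Bandit reports this call: shell=True with a non-literal command string.
    # Kept only to show the shape that gets flagged; the usage below avoids it.
    return subprocess.run(
        build_shell_command(user_path), shell=True,
        capture_output=True, text=True, check=True,
    ).stdout


def build_argv(user_path: str) -> list:
    # The hardened form: an argument vector goes straight to execve, so no
    # shell parses it and user_path is always exactly one argument.
    # "--" stops ls from treating a path beginning with '-' as an option.
    return ["ls", "-1", "--", user_path]


def list_directory_clean(user_path: str) -> list:
    # Runs the argv form and returns the entry names; a bad path raises
    # CalledProcessError (check=True) rather than executing anything else.
    completed = subprocess.run(
        build_argv(user_path), capture_output=True, text=True, check=True,
    )
    return completed.stdout.split()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample directory
        open(os.path.join(tmp, "report.txt"), "w").close()
        print(build_shell_command(tmp + "; id"))  # metacharacters stay live
        print(build_argv(tmp + "; id"))           # one literal argument
        print(list_directory_clean(tmp))
```

Running Bandit with `-p ShellInjection` over a file containing `list_directory_flagged` produces a finding for the `shell=True` call, while `list_directory_clean` passes because the argument list is handed to the process directly.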
Pyntch
Pyntch supports only Python 2.x. It is a static code analyzer that detects possible runtime errors. It is not designed to find security risks as such, but it is useful for spotting runtime exceptions, which can sometimes leak sensitive information.
It’s fast and capable of scanning thousands of lines in a minute.
Spaghetti
Spaghetti is a Python-based open-source scanner for finding misconfigurations and insecure files, with support for web frameworks such as CherryPy, CakePHP, etc.
Spaghetti is capable of discovering various attack vectors, including the following.
- Brute force
- Credit card, email, IP disclosure
- HTML/SQL/LDAP/XPATH/XSS injection
- ShellShock, Crime, Struts-shock
- Anonymous cipher
RATS (Rough Auditing Tools for Security)
RATS performs a rough analysis of Python, PHP, Perl and C++ code and highlights security-related errors such as the following.
- Time-of-check/time-of-use (TOCTOU) race conditions
- Buffer overflows
Acunetix
Acunetix is a comprehensive vulnerability scanning platform for testing networks and web applications. It checks your website for more than 5000 vulnerabilities and provides a detailed report with remediation guidelines.
If your Python web application is exposed to the Internet and you are looking for in-depth security analysis, give Acunetix a try.
I hope the tools listed above help you find risk items in your Python web application.